Privacy Policy

Privacy Policy

1. General Information

The following Privacy Policy explains how Limitless eCom GmbH (trading under Lotus Dream) collects, processes and protects your personal data when you visit or make a purchase on our website https://lotusdream.de.

We take the protection of your personal information very seriously and comply with the requirements of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

By using this website, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller

Limitless eCom GmbH
Warthestraße 21
14513 Teltow, Germany

Phone: +49 (0) 179 5174971
Email: kontakt@lotusdream.de

The company is represented by Dennis Thoms and Marcel Ritzke.

For all questions related to data protection, please contact us via the details above.

3. What Data We Collect

We collect different types of personal information depending on how you interact with our website:

• Information you provide directly – such as your name, email address, postal address, phone number and payment details when placing an order or contacting us.
• Automatically collected data – including your IP address, browser type, operating system, time of access and pages visited (via server logs and cookies).
• Marketing & communication preferences – such as newsletter subscriptions or consent to receive promotional emails.
• Customer account data – if you create an account, we store your login and order history to manage your purchases.
• We do not sell or rent personal data to third parties.

4. Purpose of Processing

We process your personal data for the following purposes:

• To fulfil and manage your order (including shipping and payment).
• To provide customer service and handle your enquiries.
• To send transactional emails such as order and shipping confirmations.
• To improve the performance and security of our website.
• To provide relevant product information and marketing (only with your consent).
• To comply with our legal obligations (e.g. tax and accounting).

5. Legal Basis for Processing

According to Article 6 GDPR, we process your data on the following legal bases:

• Art. 6 (1)(b) – necessary for the performance of a contract (e.g. when you place an order).
• Art. 6 (1)(a) – based on your consent (e.g. newsletter subscription).
• Art. 6 (1)(f) – for our legitimate interests (e.g. website security, analytics, marketing).
• Art. 6 (1)(c) – to comply with legal obligations (e.g. record keeping).

You may withdraw your consent at any time by contacting us at kontakt@lotusdream.de.

6. Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
After these periods expire, your data will be securely deleted or anonymised.

Next sections (to follow):
7. Your Data Protection Rights
8. Hosting & Shopify Processing
9. Payment Providers (PayPal, Stripe, Klarna etc.)
10. Cookies & Tracking (Google Analytics, Facebook Pixel, etc.)
11. Newsletter & Marketing Communication
12. Social Media Plugins
13. Security & SSL Encryption
14. Contact & Updates

7. Your Rights Under the GDPR

As a customer or website visitor, you have the following rights regarding your personal data:

• Right of access – You may request information about the personal data we hold about you (Art. 15 GDPR).
• Right to rectification – You may request correction of inaccurate or incomplete data (Art. 16 GDPR).
• Right to erasure – You may request deletion of your data where there is no legal reason for us to retain it (Art. 17 GDPR).
• Right to restriction of processing – You may request limited use of your data under certain circumstances (Art. 18 GDPR).
• Right to data portability – You may obtain your data in a structured, commonly used, machine-readable format (Art. 20 GDPR).
• Right to object – You may object to the processing of your data on grounds relating to your particular situation, including for direct marketing purposes (Art. 21 GDPR).
• Right to lodge a complaint – You may file a complaint with the competent data-protection authority if you believe your rights have been violated.
  The competent authority for Limitless eCom GmbH is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

To exercise your rights, please contact us at kontakt@lotusdream.de.
We will respond to all valid requests within the timeframes required by law.

8. Hosting and Shopify Platform

Our online shop is operated on the Shopify e-commerce platform, provided by:

Shopify International Limited
Victoria Buildings, 2nd Floor, 1–2 Haddington Road,
Dublin 4, D04 XN32, Ireland.

Shopify acts as our data processor, providing the technical infrastructure and data storage for this website.
All data collected through our shop — including order details, account information and payment processing data — is stored securely on Shopify’s servers.

Shopify may also process data through its affiliated companies:

• Shopify Inc., 150 Elgin St., Ottawa, Ontario K2P 1L4, Canada.
  The European Commission has determined that Canada provides an adequate level of data protection (Art. 45 GDPR).
• Shopify (USA) Inc., which may process data in the United States under the EU–US Data Privacy Framework.

You can find Shopify’s full Privacy Policy here:
https://www.shopify.com/legal/privacy

The processing of personal data through Shopify is carried out pursuant to Art. 6 (1)(f) GDPR (legitimate interest in secure and efficient shop operation) and Art. 6 (1)(b) GDPR (performance of a purchase contract).

9. Payment Providers

To process payments, Lotus Dream works with trusted third-party payment providers.
Depending on your chosen payment method, your personal and payment data (e.g. name, billing address, IBAN, credit-card details) are transmitted securely to the relevant provider:

• PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
  – Data are processed according to PayPal’s privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
• Stripe Payments Europe Ltd., Dublin, Ireland
  – Used for credit-card transactions; privacy policy: https://stripe.com/gb/privacy
• Klarna Bank AB (Sweden)
  – Used for direct transfers and invoice purchases; privacy policy: https://www.klarna.com/international/privacy-policy/
• Each payment provider acts as a separate data controller for its processing activities.
  The legal basis for these data transfers is Art. 6 (1)(b) GDPR (contract fulfilment).

10. Data Security and SSL Encryption

Our website uses SSL (Secure Socket Layer) or TLS encryption for security reasons and to protect the transmission of confidential data, such as orders or enquiries.
You can recognise an encrypted connection by the lock symbol in your browser’s address bar and the change from “http://” to “https://”.

When SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Next part (final):
11. Cookies & Analytics Tools (Google, Meta Pixel etc.)
12. Newsletter & Email Marketing
13. Social Media Plugins
14. Updates & Contact